DHS network security tools need refining: IG
Connecting state and local government leaders
The Homeland Security Department's automated network security tools need to be fine-tuned to deliver more accurate data, according to the agency's inspector general.
The Homeland Security Department's internal computer network generated 65 million security alerts during a three-month period'and 6.5 million of those may be linked to employees accessing pornographic words or materials, according to a report today from DHS inspector general Richard Skinner.
Nearly three-quarters of the automated 'security event messages' and 'detect.misuse.porn' alerts originated from 16 devices on the department's wide area network, according to the report. However, DHS could not identify the specific workstations that had generated the messages, the inspector general found.
Under DHS policy, employees are forbidden to access pornographic materials from workstations. However, the 'detect.misuse.porn' message may not necessarily indicate pornography, the IG report explains in a footnote.
DHS' automated network security tools'which create warnings when detecting a possible breach of IT security'are programmed to look for pornographic keywords such as 'oral.' But sometimes alerts are generated when the keywords are embedded in other words, such as in 'behavioral,' the report said.
The security warnings are generated automatically by network security tools and are intended to help secure IT systems and detect hacking attempts and viruses.
DHS is not using those tools effectively, the audit found.
'DHS had not finalized procedures for identifying the source of those messages, or for coordinating appropriate actions with other technical and security organizations,' the IG wrote. 'DHS systems and data are at increased risk of service disruptions and security-related events if automated network security tools are not utilized effectively.'
The number of security events increased dramatically in the last year. In July 2004, DHS was receiving about 5.4 million security event messages per month. In February, March and April 2005, the months in which the audit took place, there were 65 million such messages, the report said.
In addition, the DHS network did not have its security accreditations and certifications, the report added. DHS officials agreed with the findings and recommendations.
Alice Lipowicz is a staff writer for Government Computer News' sister publication, Washington Technology.
NEXT STORY: Information warfare: The need to know your enemy